/*
 * @author Michael Azzopardi (mazzopar@andrew.cmu.edu)
 */

package com.eep.security;

import com.eep.security.Session.SecurityStatus;
import com.eep.data.DataService;
import com.eep.data.DataServiceImpl;
import com.eep.data.DatabaseName;
import com.eep.logging.*;

/**
 *
 * @author michael
 */
public class SecurityServiceImpl implements SecurityService {

    public SecurityStatus authenticate(String username, String password) {
        System.out.println("SecurityService : AUTHENTICATE");
        DataService ds = new DataServiceImpl();
        ds.createConnection(DatabaseName.Security);
        System.out.println("SecurityService : Checking username");
         // check if username is in database
       Session user= ds.getUser(username);
       if (user != null) {
            System.out.println("SecurityService : Username found. Checking password.");
            // check if password matches
            if (password.matches(user.getPassword())) {
                System.out.println("SecurityService : Username and password match.");
                
                LoggingService logging = new LoggingServiceImpl();
                logging.logAppEvent(new LogEvent(username, LogType.Security, LogEventType.Login));
                
                return SecurityStatus.authenticated;
            } else {
                System.out.println("SecurityService :  Incorrect password.");
                
                LoggingService logging = new LoggingServiceImpl();
                logging.logAppEvent(new LogEvent(username, LogType.Security, LogEventType.LoginFailed));
                
                return SecurityStatus.invalidPassword;
            }
        } else {
            System.out.println("SecurityService :  Username not found..");
            
            LoggingService logging = new LoggingServiceImpl();
            logging.logAppEvent(new LogEvent(username, LogType.Security, LogEventType.LoginFailed));
                
            return SecurityStatus.unkownUser;
        }
    }

    public Boolean authorize(Session session) {
        System.out.println("SecurityService : AUTHORIZE");
        DataService ds = new DataServiceImpl();
        ds.createConnection(DatabaseName.Security);
        if (session.getStatus() == SecurityStatus.authenticated) {
            // Check is username is associated in application table
            System.out.println("SecurityService : ApplicationID = "+session.getApplicationId());

            if (ds.isUserAuthorized(session.getUsername(), session.getApplicationId())) {
                System.out.println("SecurityService : User authorized to run this application.");
                session.setStatus(SecurityStatus.applicationAccessGranted);
                return true;
            } else {
                System.out.println("SecurityService : User not authorized to run this application.");
                session.setStatus(SecurityStatus.applicationAccessDenied);
                return false;
            }
        } else {
            System.out.println("SecurityService : User is not authenticated. Cannot authorize.");
            session.setStatus(SecurityStatus.applicationAccessDenied);
            return false;
        }
    }

}
